Understanding Linux File Permissions for Beginners

In the Linux operating system, everything is organized in the form of files and directories. By setting permissions on files and directories, you can make sure that only authorized users are allowed to access specific data. Each file in Linux is owned by a user and a group. The user is the one who creates the file, and the group is the one to which the user (the owner of the file) belongs.

Understand file permission

File permissions consist of three permissions that you can apply to files and directories. In this section, you’ll learn how the system works and how to modify these permissions. Before doing this, let’s have a look at how to read the current permissions. The best way to do so is with ls -l, which shows a list of all files and directories in the current directory.

For example, you can list the files under the directory /home/sam as follows.

The result is displayed in 7 columns, but we will concentrate on the first, the third and the fourth columns:

the first column shows the file permissions,

the third column shows the user owner of the file,

the fourth column shows the group owner of the file.

To understand the file permissions easily, we need to understand the first column, which has this form:

[d][rwx][rwx][rwx]

Here the first character indicates the type of file. It can be:

d : directory

- : regular file

l : symbolic link

p : named pipe

s : Unix domain socket

c : character device file

b : block device file

Next are nine characters to specify the permissions that are set to the file or directory:

the first set of three are the user owner permissions,

the next set of three are the group owner permissions,

the last set of three refers to the permissions granted to others.

The three basic permissions allow you to read, write, and execute files, but special permissions also exist. The effect of these permissions differs depending on whether they are applied to files or directories. They are:

read permission (r or 4): means you will be able to read a file and list the content of a directory.

write permission (w or 2): means you will be able to edit a file and add, delete or rename files in a directory.

execute permission (x or 1): means you will be able to execute a program or shell script and move into a directory (cd to the directory).

Set User ID (SUID) permission (u+s or 4): can only be set for the user owner. It means that any user can execute the program/script with the permissions of the file owner.

Set Group ID (SGID) permission (g+s or 2): can only be set for the group owner. It means that any user can execute a program/script with the permissions of the group owner, and any file created in a directory gets the same group owner as the directory.

Sticky bit permission (t or 1): can only be applied to a directory and prevents users from deleting files that belong to other users.

For more detail on the chmod command, you can read this article for newbies and advanced Linux users.

1. Symbolic chmod permission examples

The Linux command chmod can be used to change the permissions of a file or directory. When you want to set permissions, you can use the symbolic mode (r, w, x, s, t). To apply it to a directory and its content (recursively), use the -R option of the chmod command.

a. chmod +x

To add execute permission to a script or a program so that it can be run, we can use the chmod +x command, which sets the permission for the user, the group and others. The + operator adds a permission to the existing ones. For example:
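The following is an added example, not part of the original article. It shows that chmod +x, written without u, g, o or a, only adds the execute bits that the current umask allows, while a+x always adds all three; the helper name mode_after and the temporary file are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: "chmod +x" (no who) versus "chmod a+x" under two umask values.

# mode_after UMASK SPEC -> prints the ls -l mode string of a fresh 600 file
# after "chmod SPEC" has been run with the given umask in effect.
# The body runs in a subshell so the umask change does not leak to the caller.
mode_after() (
    f=$(mktemp) || exit 1      # constructed scratch file
    chmod 600 "$f"             # known starting point: -rw-------
    umask "$1"
    chmod "$2" "$f"
    ls -l "$f" | cut -c1-10    # keep only the type and permission characters
    rm -f "$f"
)

for spec in +x a+x u+x; do
    printf 'umask 022, chmod %-3s -> %s\n' "$spec" "$(mode_after 022 "$spec")"
    printf 'umask 027, chmod %-3s -> %s\n' "$spec" "$(mode_after 027 "$spec")"
done
```

With the common umask 022 the two forms give the same result, so the difference only appears on systems with a stricter umask such as 027.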

b. chmod u=rx

You can change only the user owner’s permissions with the = operator followed by the permission. This operator replaces the previous permissions with the new ones. For example:

$ ls -ld test/
drwxrwxr-x 2 papso papso 4096 May 15 20:18 test/

You can see that the user owner has the w permission. Now let's apply the permission below

$ chmod -R u=rx test

$ ls -ld test/
dr-xrwxr-x 2 papso papso 4096 May 15 20:18 test/

c. chmod g+w,o-x

It is possible to add a permission for one entity and remove (- operator) a permission from another entity in a single command. For example, we will add write permission for the group and remove only execute permission from others:

# chmod g+w,o-x hello

# ls -l hello
-rwxrwxr-- 1 root root 66 May 15 20:12 hello

2. Numeric or octal chmod permission examples

You can also use the numeric mode (4, 2, 1) when you want to set permissions. With this mode, you use three digits, and you need to calculate the value for each entity in order to set the correct permissions.

a. chmod 755

If you want to set permission to a directory such that the user should be able to read, write and execute the directory, the group and the others should be only able to read and execute it, the permission should be like drwxr-xr-x. We can now find the octal value to use

b. chmod 754

To limit danger, it is possible to make a program only readable by others, while giving read and execute permission to the group and all permissions to the user.

# chmod 754 hello

It is possible to set the permission on all script files in the current folder, supposing you gave the .sh extension to these files:

# chmod 754 *.sh

c. chmod 640

If you want to set the permission of a file such that the user should be able to read and write the file, the group should be able to read the file and others should not have any access to the file, permission should be like -rw-r-----.

# chmod 640 bootstrap

We will find all 777 permission files and use chmod command to set permissions to 640.
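One way to do this with find, as an added example that is not part of the original article. The function name reset_777_files and the sandbox files are constructed; -type f restricts the change to regular files, because mode 640 on a directory would remove the execute bit needed to enter it.

```shell
#!/bin/sh
# Added example: locate files whose mode is exactly 777 and reset them to 640.

# reset_777_files DIR -> prints the path of every regular file it changes.
reset_777_files() {
    # -type f     : regular files only (directories need x to stay usable)
    # -perm 777   : the mode is exactly rwxrwxrwx
    # -print      : report each match, which gives a record of what changed
    # -exec ... + : pass the matches to chmod in batches
    find "$1" -type f -perm 777 -print -exec chmod 640 {} +
}

# Constructed sandbox so the example can be run safely anywhere.
demo() {
    sandbox=$(mktemp -d) || return 1
    touch "$sandbox/open.conf" "$sandbox/script.sh" "$sandbox/notes.txt"
    mkdir "$sandbox/shared"
    chmod 777 "$sandbox/open.conf" "$sandbox/shared"
    chmod 754 "$sandbox/script.sh"
    chmod 640 "$sandbox/notes.txt"
    echo "changed:"
    reset_777_files "$sandbox"
    ls -l "$sandbox"           # open.conf is now 640, shared/ is still 777
    rm -rf "$sandbox"
}
demo
```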

3. Special bit chmod permission examples

We can use the SUID, SGID and sticky bits to apply special permissions to Linux files with the chmod command. We will see some examples below.

a. chmod u+s and chmod 4655

With the SUID permission, you can permit any user to run a program as if they were the user owner. You can use the symbolic mode as below:

# chmod u+s hello

# ls -l hello
-rwsr-xr-x 1 root root 66 May 15 20:16 hello

If you want to set the permission with numeric mode, you will use four digits, and you need to begin with the SUID value (4) followed by the set of three digits that sets the permissions of the file, as below:

# chmod 4655 hello
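The octal calculation from section 2 and the leading special-bit digit used here can both be checked with a small converter that reads an ls -l mode string and prints the value chmod expects. This is an added example, not part of the original article; the function names triplet_value and mode_to_octal are made up for illustration.

```shell
#!/bin/sh
# Added example: convert an ls -l mode string to the octal value for chmod.

# triplet_value RWX -> prints 0..7 for one triplet.
# Lowercase s/t mean "special bit plus x"; uppercase S/T mean x is absent.
triplet_value() {
    v=0
    case $1 in r??) v=$((v + 4)) ;; esac
    case $1 in ?w?) v=$((v + 2)) ;; esac
    case $1 in ??[xst]) v=$((v + 1)) ;; esac
    echo "$v"
}

# mode_to_octal MODESTRING -> prints e.g. 755, or 4755 when a special bit is set.
mode_to_octal() {
    perms=${1#?}                     # drop the file-type character (d, -, l, ...)
    [ ${#perms} -eq 9 ] || { echo "bad mode string: $1" >&2; return 1; }
    rest=${perms#???}; u=${perms%"$rest"}    # user triplet
    o=${rest#???};     g=${rest%"$o"}        # group and others triplets
    special=0
    case $u in ??[sS]) special=$((special + 4)) ;; esac   # SUID
    case $g in ??[sS]) special=$((special + 2)) ;; esac   # SGID
    case $o in ??[tT]) special=$((special + 1)) ;; esac   # sticky bit
    digits="$(triplet_value "$u")$(triplet_value "$g")$(triplet_value "$o")"
    if [ "$special" -gt 0 ]; then echo "$special$digits"; else echo "$digits"; fi
}

# Mode strings taken from this article, plus the rwS form that 4655 produces.
for m in drwxr-xr-x -rwxr-xr-- -rw-r----- -rwsr-xr-x -rwSr-xr-x drwxrwxrwt; do
    printf '%s -> %s\n' "$m" "$(mode_to_octal "$m")"
done
```

Note that 4655 is displayed as -rwSr-xr-x: the capital S means SUID is set but the owner has no execute permission, while the -rwsr-xr-x listing shown above corresponds to 4755.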

b. chmod +t and chmod 1777

We will now use the sticky bit to prevent users from deleting files that belong to other users. It is only set on folders, not files. Suppose that the folder already has all permissions granted to every entity. You can use it as below:

$ chmod +t test1

To use the numeric method, we need to begin with numeric sticky bit value (1) followed by the set of three to set

You can see that, in spite of the rwxrwxrwx permissions, the user patrick was not able to delete papso's file.

c. chmod g+s and chmod 2664

You can set the SGID permission on a directory to set the default group ownership of files and sub-directories created in that directory. Without it, new files are owned by the primary group of the user who creates them. In a shared group environment this is not very useful, because no one else will be able to modify the files you’re creating, even if they’re members of the same group.

Conclusion

When using chmod, you can set permissions for user, group, and others. You can use this command in two modes: symbolic mode (relative mode) and numeric mode (absolute mode). In absolute mode, three or four digits (depending on whether a special bit is set) are used to set the basic permissions, and remember that you need to calculate the value yourself.
